		| Author | Message | 
	
		| Rico Mortale adepto
 
 Registered: 17/08/07 20:59
 Posts: 32
 
 | 
			
				|  Posted: 21 Feb 2008 12:41    Subject: |   |  
				| 
 |  
				| I think I have the same problem too. I've tried countless antivirus programs, but nothing... I'm posting the Hijack log in case you can advise me... Thanks!!! 
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 9.10.52, on 21/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\Eset\nod32krn.exe
 C:\Programmi\Prevx2\PXAgent.exe
 C:\WINDOWS\system32\wbem\wmiprvse.exe
 C:\WINDOWS\System32\alg.exe
 C:\Programmi\VIAudioi\SBADeck\ADeck.exe
 C:\Programmi\Eset\nod32kui.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 C:\Programmi\Windows Live\Messenger\usnsvc.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 C:\Programmi\firefox\firefox.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://207.44.208.177/enter.html
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.186.1.1:80
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
 O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
 O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
 O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [b8647935] rundll32.exe "C:\WINDOWS\system32\tnmacutl.dll",b
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196287478093
 O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
 O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
 
 --
 End of file - 4337 bytes
 |  | 
	
		| Sante62 Dio maturo
 
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 21 Feb 2008 13:21    Subject: |   |  
				| 
 |  
				| Hi Rico, and welcome... In future, open a new discussion and don't tack onto other threads;
 for now I have moved you myself...
 Now let's get to your problem:
 disable System Restore and start the PC in Safe Mode;
 run HJT, select these lines and click Fix checked:
 
 	  | Quote: |  	  | R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://207.44.208.177/enter.html
 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
 O4 - HKLM\..\Run: [b8647935] rundll32.exe "C:\WINDOWS\system32\tnmacutl.dll",b
 | 
 Restart the PC in normal mode and post a new HJT log;
 see this discussion
 about Combofix, and scan the PC, posting the result as indicated;
 also run the GMER scan.
 Remember that there are two GMER logs: Autostart and Rootkit. Post them on www.freefilehosting.net as indicated here
 |  | 
	
		| Rico Mortale adepto
 
 Registered: 17/08/07 20:59
 Posts: 32
 
 | 
			
				|  Posted: 22 Feb 2008 15:25    Subject: |   |  
				| 
 |  
				| Hi, sorry about the topic, I thought it would be more practical that way... anyway, below I'm posting the logs you asked for. In the meantime I can tell you that BitDefender finds a virus called "vundo", that the PC runs as fast as a Commodore 64, that my Documents folder and C: are full of pos***.tmp files, that instead of the hard disk icon I have a red X, that every now and then a window appears saying "Critical Error occurred....", and that there are two icons, Windows Update and Help and Support Center, which magically recreate themselves as soon as I try to delete them...  |  | 
	
		| Rico Mortale adepto
 
 Registered: 17/08/07 20:59
 Posts: 32
 
 | 
			
				|  Posted: 22 Feb 2008 15:29    Subject: |   |  
				| 
 |  
				| Hijack log: 
 
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 14.28.27, on 22/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\Prevx2\PXAgent.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
 C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
 C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
 C:\Programmi\VIAudioi\SBADeck\ADeck.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe
 C:\Programmi\Windows Live\Messenger\msnmsgr.exe
 C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 C:\WINDOWS\system32\wbem\wmiprvse.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\alg.exe
 C:\Programmi\firefox\firefox.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.186.1.1:80
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programmi\BitDefender\BitDefender 2008\IEToolbar.dll
 O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
 O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programmi\BitDefender\BitDefender 2008\IEShow.exe"
 O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe"
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196287478093
 O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
 O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
 O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
 O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
 O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
 
 --
 End of file - 4990 bytes
 |  | 
	
		| Sante62 Dio maturo
 
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 22 Feb 2008 19:42    Subject: |   |  
				| 
 |  
				| Run the scan with Combofix; download Vundofix and scan with it
 - Run VundoFix.exe
 - Click Scan for Vundo.
 - when the scan finishes, click Remove Vundo.
 - it asks whether you want to delete the infected files, click YES
 - your screen will go black while Vundo is being removed.
 - when it finishes it will ask you to restart the PC, click OK.
 - Copy here the contents of the log C:\vundofix.txt and a new HijackThis log.
 
 Note: VundoFix may fail to delete some files. In that case, VundoFix will start automatically when the PC restarts; repeat the steps above starting from "Click Scan for Vundo" when VundoFix appears at restart.
 |  | 
	
		| Rico Mortale adepto
 
 Registered: 17/08/07 20:59
 Posts: 32
 
 | 
			
				|  Posted: 26 Feb 2008 21:13    Subject: |   |  
				| 
 |  
				| Hi! Sorry for the late reply, but I haven't been home much, and in the little time I had I couldn't get everything done because of the slowness caused by the malware and some sudden shutdowns... the logs are below: 
 COMBOFIX
 
 ComboFix 08-02-22.2 - User 2008-02-26 15:20:07.1 - NTFSx86
 Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\Documents and Settings\User\Dati applicazioni\inst.exe
 C:\Programmi\windows
 C:\Programmi\windows\bckg.dll
 C:\Programmi\windows\bckgres.dll
 C:\Programmi\windows\bckgzm.exe
 C:\Programmi\windows\chkr.dll
 C:\Programmi\windows\chkrres.dll
 C:\Programmi\windows\chkrzm.exe
 C:\Programmi\windows\Cmnclim.dll
 C:\Programmi\windows\Cmnresm.dll
 C:\Programmi\windows\hrtz.dll
 C:\Programmi\windows\Hrtzres.dll
 C:\Programmi\windows\hrtzzm.exe
 C:\Programmi\windows\rvse.dll
 C:\Programmi\windows\Rvseres.dll
 C:\Programmi\windows\Rvsezm.exe
 C:\Programmi\windows\shvl.dll
 C:\Programmi\windows\Shvlres.dll
 C:\Programmi\windows\shvlzm.exe
 C:\Programmi\windows\UniAnsi.dll
 C:\Programmi\windows\zClientm.exe
 C:\Programmi\windows\ZCorem.dll
 C:\Programmi\windows\zeeverm.dll
 C:\Programmi\windows\ZNetM.dll
 C:\Programmi\windows\zoneclim.dll
 C:\Programmi\windows\zonelibM.dll
 C:\WINDOWS\cookies.ini
 C:\WINDOWS\recover.reg
 C:\WINDOWS\system32\axgtexpk.ini
 C:\WINDOWS\system32\edeeg.ini
 C:\WINDOWS\system32\edeeg.ini2
 C:\WINDOWS\system32\esjrfltt.ini
 C:\WINDOWS\system32\gpcimtau.ini
 C:\WINDOWS\system32\ltucamnt.ini
 C:\WINDOWS\system32\mcrh.tmp
 C:\WINDOWS\system32\pdxywqoy.dllbox
 C:\WINDOWS\system32\utvwa.ini
 C:\WINDOWS\system32\utvwa.ini2
 C:\WINDOWS\system32\windows
 C:\WINDOWS\Tasks.\At22.job
 
 .
 (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 .
 -------\nm
 
 
 (((((((((((((((((((((((((   Files Creati Da 2008-01-26 al 2008-02-26  )))))))))))))))))))))))))))))))))))
 .
 
 2008-02-26 13:59 . 2008-02-26 13:59	24,576	--a------	C:\WINDOWS\system32\VundoFixSVC.exe
 2008-02-26 13:15 . 2008-02-26 13:58	<DIR>	d--------	C:\VundoFix Backups
 2008-02-21 14:39 . 2008-02-21 14:39	<DIR>	d--------	C:\Documents and Settings\Administrator\Dati applicazioni\BitDefender
 2008-02-21 14:38 . 2005-04-28 18:26	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Risorse di stampa
 2008-02-21 14:38 . 2005-04-28 18:26	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Risorse di rete
 2008-02-21 14:38 . 2005-04-28 18:26	<DIR>	d--------	C:\Documents and Settings\Administrator\Preferiti
 2008-02-21 14:38 . 2007-11-27 18:39	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Modelli
 2008-02-21 14:38 . 2005-04-28 18:26	<DIR>	dr-------	C:\Documents and Settings\Administrator\Menu Avvio
 2008-02-21 14:38 . 2005-04-28 18:26	<DIR>	d--h-----	C:\Documents and Settings\Administrator\Impostazioni locali
 2008-02-21 14:38 . 2008-02-26 15:39	<DIR>	d--------	C:\Documents and Settings\Administrator\Documenti
 2008-02-21 14:38 . 2008-02-21 14:44	<DIR>	dr-h-----	C:\Documents and Settings\Administrator\Dati applicazioni
 2008-02-21 13:41 . 2008-02-21 14:47	121	--a------	C:\WINDOWS\bdagent.INI
 2008-02-21 11:41 . 2008-02-21 11:41	<DIR>	d--------	C:\Documents and Settings\LocalService\Menu Avvio
 2008-02-21 11:28 . 2008-02-21 11:28	<DIR>	d--------	C:\Documents and Settings\User\Dati applicazioni\BitDefender
 2008-02-21 11:18 . 2008-02-21 11:20	<DIR>	d--------	C:\Programmi\BitDefender
 2008-02-21 11:18 . 2008-02-21 11:27	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\BitDefender
 2008-02-21 10:55 . 2008-02-21 11:19	<DIR>	d--------	C:\Programmi\File comuni\BitDefender
 2008-02-21 00:47 . 2008-02-21 00:47	<DIR>	d--------	C:\Programmi\Trend Micro
 2008-02-20 21:39 . 2008-02-20 21:39	320,000	--a------	C:\WINDOWS\system32\geede.dll
 2008-02-18 22:36 . 2008-02-18 22:37	<DIR>	d--------	C:\Programmi\Spybot - Search & Destroy
 2008-02-18 22:36 . 2008-02-18 23:18	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
 2008-02-14 10:37 . 2008-02-14 10:57	<DIR>	d--------	C:\Documents and Settings\User\Dati applicazioni\Prevx
 2008-02-14 10:34 . 2008-02-26 16:24	<DIR>	d--------	C:\Programmi\Prevx2
 2008-02-14 10:32 . 2008-02-14 10:37	<DIR>	d--------	C:\WINDOWS\3DEBCFB2389E419C842E15501ACC8C93.TMP
 2008-02-14 10:03 . 2007-11-29 00:13	58,952	--a------	C:\WINDOWS\system32\MsgPlusLoader.dll
 2008-02-14 09:24 . 2008-02-14 09:24	50,688	--a------	C:\Documents and Settings\User\957123845.exe
 2008-02-14 09:24 . 2008-02-14 09:24	50,688	--a------	C:\Documents and Settings\User\957123844.exe
 2008-02-14 09:23 . 2008-02-14 09:23	50,688	--a------	C:\Documents and Settings\User\166.exe
 2008-02-12 19:43 . 2008-02-14 11:22	<DIR>	d--------	C:\Documents and Settings\User\Dati applicazioni\Vso
 2008-02-12 19:43 . 2008-02-12 19:43	47,360	--a------	C:\WINDOWS\system32\drivers\pcouffin.sys
 2008-02-12 19:43 . 2008-02-14 11:21	47,360	--a------	C:\Documents and Settings\User\Dati applicazioni\pcouffin.sys
 2008-02-04 21:28 . 2008-02-21 14:42	<DIR>	d--------	C:\Programmi\DivX
 2008-01-31 13:15 . 2004-05-14 16:53	462,848	--a------	C:\WINDOWS\system32\ltkrn13n.dll
 2008-01-31 13:15 . 2004-05-14 16:53	450,560	--a------	C:\WINDOWS\system32\ltimg13n.dll
 2008-01-31 13:15 . 2004-05-14 16:53	401,408	--a------	C:\WINDOWS\system32\lfcmp13n.dll
 2008-01-31 13:15 . 2004-05-14 16:53	299,008	--a------	C:\WINDOWS\system32\ltdis13n.dll
 2008-01-31 13:15 . 2004-01-12 02:09	206,336	--a------	C:\WINDOWS\system32\ltefx13n.dll
 2008-01-31 13:15 . 2004-05-14 16:53	163,840	--a------	C:\WINDOWS\system32\ltfil13n.dll
 2008-01-31 13:15 . 2003-11-04 15:11	159,744	--a------	C:\WINDOWS\system32\lfpng13n.dll
 2008-01-31 13:15 . 2003-11-04 15:10	69,632	--a------	C:\WINDOWS\system32\lfgif13n.dll
 2008-01-31 13:15 . 2004-05-14 16:53	57,344	--a------	C:\WINDOWS\system32\lfbmp13n.dll
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-02-26 13:20	---------	d-----w	C:\Programmi\firefox
 2008-02-21 15:30	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Prevx
 2008-02-21 11:37	---------	d-----w	C:\Programmi\ESET
 2008-02-21 10:35	85,520	----a-w	C:\WINDOWS\system32\drivers\bdfndisf.sys
 2008-02-14 10:16	---------	d-----w	C:\Programmi\Yahoo!
 2008-02-14 09:28	---------	d-----w	C:\Programmi\Programmi exe
 2008-02-12 08:44	---------	d-----w	C:\Programmi\eMule
 2008-02-01 19:54	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
 2008-01-12 11:49	---------	d-----w	C:\Programmi\Direct WAV MP3 Splitter
 2008-01-11 22:55	---------	d-----w	C:\Programmi\icons
 2008-01-11 22:50	---------	d--h--w	C:\Programmi\InstallShield Installation Information
 2008-01-11 10:21	---------	d-----w	C:\Programmi\mIRC6.21-Italiano-TuttoIRC
 2008-01-07 16:41	196,368	----a-w	C:\WINDOWS\system32\drivers\bdfsfltr.sys
 2007-12-28 18:21	0	---ha-w	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
 2007-12-28 18:21	0	---ha-w	C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
 2007-12-28 18:14	---------	d-----w	C:\Programmi\Motorola Phone Tools
 2007-12-28 18:11	---------	d-----w	C:\Programmi\File comuni\Motorola Shared
 2007-12-28 14:34	92,064	----a-w	C:\Documents and Settings\User\mqdmmdm.sys
 2007-12-28 14:34	9,232	----a-w	C:\Documents and Settings\User\mqdmmdfl.sys
 2007-12-28 14:34	79,328	----a-w	C:\Documents and Settings\User\mqdmserd.sys
 2007-12-28 14:34	66,656	----a-w	C:\Documents and Settings\User\mqdmbus.sys
 2007-12-28 14:34	6,208	----a-w	C:\Documents and Settings\User\mqdmcmnt.sys
 2007-12-28 14:34	5,936	----a-w	C:\Documents and Settings\User\mqdmwhnt.sys
 2007-12-28 14:34	4,048	----a-w	C:\Documents and Settings\User\mqdmcr.sys
 2007-12-28 14:34	25,600	----a-w	C:\Documents and Settings\User\usbsermptxp.sys
 2007-12-28 14:34	22,768	----a-w	C:\Documents and Settings\User\usbsermpt.sys
 2007-12-18 21:43	234	----a-w	C:\Programmi\dizio.ini
 2007-11-27 15:46	77,824	----a-w	C:\WINDOWS\system32\xcomm.dll
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{297CBB7D-59D7-4853-B892-32818E6A1B46}]
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CE5D890-1519-42C3-A3A0-AFC3307F2680}]
 2008-02-20 21:39	320000	--a------	C:\WINDOWS\system32\geede.dll
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6296a8b2-739d-48fd-a143-f9af12639031}]
 C:\WINDOWS\system32\tpaqfvho.dll
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84A2B948-7321-4AEC-A5F9-7E40610BDE97}]
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9a34b016-4d61-4bf3-a0e4-bbd093c9ba67}]
 C:\WINDOWS\system32\ibighcvj.dll
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
 C:\WINDOWS\system32\pdxywqoy.dll
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC4CDD41-27D4-44DD-B303-D8EE85A05BAD}]
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5F42965-53DA-489E-9EBF-4BDFC8E6BE0C}]
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8805F76-0707-447E-B106-0302B29ADEAD}]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
 {EF99BD32-C1FB-11D2-892F-0090271D4F88}
 {381FFDE8-2394-4F90-B10D-FC6124A40F8C}
 
 [HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
 [HKEY_CLASSES_ROOT\BitDefender Toolbar]
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 |  | 
	
		| Rico Mortale adepto
 
 Registered: 17/08/07 20:59
 Posts: 32
 
 | 
			
				|  Posted: 26 Feb 2008 21:14    Subject: |   |  
				| 
 |  
				| VundoFix V6.7.9 
 Checking Java version...
 
 Sun Java not detected
 Scan started at 13:15:24 2008-02-26
 
 Listing files found while scanning....
 
 C:\WINDOWS\system32\adfhmwdk.dll
 C:\windows\system32\adfhmwdk.dllbox
 C:\WINDOWS\system32\efcbbxx.dll
 C:\WINDOWS\system32\ibighcvj.dll
 C:\WINDOWS\system32\pvkdiyyd.dll
 
 Beginning removal...
 
 Attempting to delete C:\windows\system32\adfhmwdk.dllbox
 C:\windows\system32\adfhmwdk.dllbox Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\efcbbxx.dll
 C:\WINDOWS\system32\efcbbxx.dll Could not be deleted.
 
 Attempting to delete C:\WINDOWS\system32\ibighcvj.dll
 C:\WINDOWS\system32\ibighcvj.dll Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\pvkdiyyd.dll
 C:\WINDOWS\system32\pvkdiyyd.dll Has been deleted!
 
 Performing Repairs to the registry.
 Done!
 
 Beginning removal...
 
 Attempting to delete C:\WINDOWS\system32\efcbbxx.dll
 C:\WINDOWS\system32\efcbbxx.dll Has been deleted!
 
 Performing Repairs to the registry.
 Done!
 |  | 
	
		| Rico Mortale adepto
 
 Registered: 17/08/07 20:59
 Posts: 32
 
 | 
			
				|  Posted: 26 Feb 2008 21:16    Subject: |   |  
				| 
 |  
				| Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 20:15, on 2008-02-26
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\Prevx2\PXAgent.exe
 C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
 C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
 C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
 C:\WINDOWS\system32\wbem\wmiprvse.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\alg.exe
 C:\Programmi\VIAudioi\SBADeck\ADeck.exe
 C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe
 C:\Programmi\Windows Live\Messenger\msnmsgr.exe
 C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 C:\Programmi\firefox\firefox.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.186.1.1:80
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programmi\BitDefender\BitDefender 2008\IEToolbar.dll
 O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
 O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programmi\BitDefender\BitDefender 2008\IEShow.exe"
 O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe"
 O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196287478093
 O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
 O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
 O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
 O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
 O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
 
 --
 End of file - 5041 bytes
 |  | 
	
		| Sante62 Dio maturo
 
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 26 Feb 2008 23:20    Subject: |   |  
				| 
 |  
				| Good, download The Avenger. Unzip it into its own folder in c:\
 Run it
 Click on Input script manually
 Click on the magnifying glass
 Enter these lines:
 
 	  | Quote: |  	  | files to delete:
 C:\Documents and Settings\User\957123845.exe
 C:\Documents and Settings\User\957123844.exe
 C:\Documents and Settings\User\166.exe
 | 
 Click on Done
 Click on the traffic light
 The PC should restart; if it doesn't, restart it yourself.
 When it finishes, Notepad should open with the result, which you will paste here...
 otherwise you will find it at C:\Avenger.txt
 also run the
 GMER scan
 Remember that there are two GMER logs: Autostart and Rootkit. Post them on www.freefilehosting.net as indicated here
 Carry out the steps above with your antivirus disabled....
 
 
  |  | 
	
		| Rico Mortale adepto
 
 Registered: 17/08/07 20:59
 Posts: 32
 
 | 
			
				|  Posted: 02 Mar 2008 16:59    Subject: |   |  
				| 
 |  
				| Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com
 
 Platform:  Windows XP
 
 *******************
 
 Script file opened successfully.
 Script file read successfully.
 
 Backups directory opened successfully at C:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 Rootkit scan active.
 No rootkits found!
 
 File "C:\Documents and Settings\User\957123845.exe" deleted successfully.
 File "C:\Documents and Settings\User\957123844.exe" deleted successfully.
 File "C:\Documents and Settings\User\166.exe" deleted successfully.
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.
 |  | 
	
		| Rico Mortale adepto
 
 Registered: 17/08/07 20:59
 Posts: 32
 
 | 
			
				|  Posted: 02 Mar 2008 17:48    Subject: |   |  
				| 
 |  
				| I think my PC is full of useless programs and stuff; I'd be grateful if you helped me get rid of them!  Here are the links:
 GMER AUTOSCAN:
 -http://www.freefilehosting.net/download/3d1j7
 -[URL="http://www.freefilehosting.net/files/3d1j7"]GMER AUTOSCAN.txt[/URL]
 -<a href="http://www.freefilehosting.net/files/3d1j7">GMER AUTOSCAN.txt</a>
 
 GMER ROOTKIT:
 -http://www.freefilehosting.net/download/3d1jb
 -<a href="http://www.freefilehosting.net/files/3d1jb">GMER ROOTKIT.txt</a>
 -[URL="http://www.freefilehosting.net/files/3d1jb"]GMER ROOTKIT.txt[/URL]
 |  | 
	
	
		|  | 
	
		| Sante62 Dio maturo
 
  
  
 Joined: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 03 Mar 2008 22:58    Subject: |   |  
				| 
 |  
				| OK, now go to Start -> Run and type regedit; the system registry will open;
 Using the + signs, navigate through this key:
 
  	  | Quote: |  	  | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | 
 in the right-hand pane, locate the Userinit subkey;
 check whether the other values match this:
 C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,;
 if so, you must remove the value in red by right-clicking on it, selecting Modify and leaving only:
 C:\WINDOWS\system32\userinit.exe, comma included, mind you, otherwise the PC will no longer restart.
 Use Avenger again with this script:
 files to delete:
 C:\WINDOWS\system32\ntos.exe
 C:\WINDOWS\system32\drivers\qqjgblvp.sys
 C:\WINDOWS\system32\wsnpoem\audio.dll
 C:\WINDOWS\system32\wsnpoem\video.dll
 C:\WINDOWS\system32\wsnpoem
 
 Then post the result together with an updated Hijackthis log;
 go to the Kaspersky online scanner
 While it is downloading the necessary files, temporarily disable your antivirus. As soon as the scan of the PC starts, disconnect from the internet.
 When it has finished, upload the result to www.freefilehosting.net and post here the link you are given, as described here
 As for any useless programs you want to uninstall, we'll look at them at the end...
 
 
 
  |  | 
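The Userinit check described in the post above, as an added example that is not part of the original thread: it splits the value into its comma-separated entries, reports anything chained alongside userinit.exe, and returns the value to restore. The function names are hypothetical, the expected path is the one quoted in the post, and the live registry read only works on Windows.

```python
import ntpath
import sys

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Expected program, as quoted in the post (Windows XP installed under C:\WINDOWS).
EXPECTED = r"C:\WINDOWS\system32\userinit.exe"

# Sample input: the infected value quoted in the post.
INFECTED = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,"


def _norm(path):
    """Case-insensitive, separator-normalised form for comparing Windows paths."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def split_userinit(value):
    """Winlogon starts every comma-separated program listed in Userinit at logon."""
    return [part.strip().strip('"') for part in value.split(",") if part.strip()]


def audit_userinit(value, expected=EXPECTED):
    """Report entries other than userinit.exe and the value the key should hold."""
    entries = split_userinit(value)
    extras = [e for e in entries if _norm(e) != _norm(expected)]
    return {
        "entries": entries,
        "extras": extras,  # programs that also run at every logon
        "userinit_present": any(_norm(e) == _norm(expected) for e in entries),
        "restore_to": expected + ",",  # trailing comma kept, as the post insists
    }


def read_live_userinit():
    """Read the current value from HKLM (Windows only; returns None elsewhere)."""
    if sys.platform != "win32":
        return None
    import winreg  # standard library, available on Windows only
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        value, _value_type = winreg.QueryValueEx(key, "Userinit")
    return value


if __name__ == "__main__":
    current = read_live_userinit() or INFECTED
    report = audit_userinit(current)
    print("Userinit =", current)
    if not report["userinit_present"]:
        print("WARNING: userinit.exe itself is missing from the value")
    for extra in report["extras"]:
        print("extra logon program:", extra)
    if report["extras"]:
        print("restore value to:", report["restore_to"])
```
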
	
	
		|  | 
	
		| Rico Mortale adepto
 
  
 
 Joined: 17/08/07 20:59
 Posts: 32
 
 
 | 
			
				|  Posted: 04 Mar 2008 11:40    Subject: |   |  
				| 
 |  
				| Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com
 
 Platform:  Windows XP
 
 *******************
 
 Script file opened successfully.
 Script file read successfully.
 
 Backups directory opened successfully at C:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 Rootkit scan active.
 No rootkits found!
 
 File "C:\WINDOWS\system32\ntos.exe" deleted successfully.
 
 Error:  file "C:\WINDOWS\system32\drivers\qqjgblvp.sys" not found!
 Deletion of file "C:\WINDOWS\system32\drivers\qqjgblvp.sys" failed!
 Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
 --> the object does not exist
 
 File "C:\WINDOWS\system32\wsnpoem\audio.dll" deleted successfully.
 File "C:\WINDOWS\system32\wsnpoem\video.dll" deleted successfully.
 
 Error: "C:\WINDOWS\system32\wsnpoem" is a folder, not a file!
 Deletion of file "C:\WINDOWS\system32\wsnpoem" failed!
 Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
 --> use "Folders to delete:" instead of "Files to delete:" to delete a directory
 
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.
 |  | 
	
	
		|  | 
	
		| Rico Mortale adepto
 
  
 
 Joined: 17/08/07 20:59
 Posts: 32
 
 
 | 
			
				|  Posted: 04 Mar 2008 11:41    Subject: |   |  
				| 
 |  
				| Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 10:40, on 2008-03-04
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\VIAudioi\SBADeck\ADeck.exe
 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
 C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe
 C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 C:\Programmi\Prevx2\PXAgent.exe
 C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
 C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
 C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Programmi\firefox\firefox.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.186.1.1:80
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O1 - Hosts: 65.54.239.80 messenger.hotmail.com
 O1 - Hosts: 65.54.239.80 dp.msnmessenger.skadns.net
 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {297CBB7D-59D7-4853-B892-32818E6A1B46} - (no file)
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O2 - BHO: URLDetector Class - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
 O2 - BHO: (no name) - {6296a8b2-739d-48fd-a143-f9af12639031} - C:\WINDOWS\system32\tpaqfvho.dll (file missing)
 O2 - BHO: (no name) - {645DF18D-0418-429A-8346-9150649F3AC1} - C:\WINDOWS\system32\geede.dll (file missing)
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
 O2 - BHO: (no name) - {84A2B948-7321-4AEC-A5F9-7E40610BDE97} - (no file)
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: {76ab9c39-0dbb-4e0a-3fb4-16d4610b43a9} - {9a34b016-4d61-4bf3-a0e4-bbd093c9ba67} - C:\WINDOWS\system32\ibighcvj.dll (file missing)
 O2 - BHO: (no name) - {BC4CDD41-27D4-44DD-B303-D8EE85A05BAD} - (no file)
 O2 - BHO: (no name) - {D5F42965-53DA-489E-9EBF-4BDFC8E6BE0C} - (no file)
 O2 - BHO: (no name) - {F8805F76-0707-447E-B106-0302B29ADEAD} - (no file)
 O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programmi\BitDefender\BitDefender 2008\IEToolbar.dll
 O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
 O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programmi\BitDefender\BitDefender 2008\IEShow.exe"
 O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe"
 O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196287478093
 O20 - Winlogon Notify: pdxywqoy - pdxywqoy.dll (file missing)
 O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
 O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
 O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
 O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
 O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
 
 --
 End of file - 6524 bytes
 |  | 
	
	
		|  | 
	
		| Sante62 Dio maturo
 
  
  
 Joined: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 04 Mar 2008 12:06    Subject: |   |  
				| 
 |  
				| After running the online scan with Kaspersky, start Hijackthis and fix these lines if present: 
  	  | Quote: |  	  | O1 - Hosts: 65.54.239.80 messenger.hotmail.com
 O1 - Hosts: 65.54.239.80 dp.msnmessenger.skadns.net
 O2 - BHO: (no name) - {297CBB7D-59D7-4853-B892-32818E6A1B46} - (no file)
 O2 - BHO: (no name) - {6296a8b2-739d-48fd-a143-f9af12639031} - C:\WINDOWS\system32\tpaqfvho.dll (file missing)
 O2 - BHO: (no name) - {645DF18D-0418-429A-8346-9150649F3AC1} - C:\WINDOWS\system32\geede.dll (file missing)
 O2 - BHO: (no name) - {84A2B948-7321-4AEC-A5F9-7E40610BDE97} - (no file)
 O2 - BHO: {76ab9c39-0dbb-4e0a-3fb4-16d4610b43a9} - {9a34b016-4d61-4bf3-a0e4-bbd093c9ba67} - C:\WINDOWS\system32\ibighcvj.dll (file missing)
 O2 - BHO: (no name) - {BC4CDD41-27D4-44DD-B303-D8EE85A05BAD} - (no file)
 O2 - BHO: (no name) - {D5F42965-53DA-489E-9EBF-4BDFC8E6BE0C} - (no file)
 O2 - BHO: (no name) - {F8805F76-0707-447E-B106-0302B29ADEAD} - (no file)
 O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
 O20 - Winlogon Notify: pdxywqoy - pdxywqoy.dll (file missing)
 O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
 | 
 Also run a scan with your Bitdefender antivirus;
 I'll wait for the results of both scans along with an updated Hijackthis log...
 |  | 
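The triage done by eye on the posted HijackThis log can be approximated with a few rules, shown here as an added example that is not part of the original thread. The rules (orphaned targets, non-loopback Hosts entries, services with an unknown owner) and all function names are assumptions of this example; the sample lines are excerpts of the two HijackThis logs posted in the thread.

```python
import re

# A HijackThis entry looks like "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is gone.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
HOSTS_RE = re.compile(r"^Hosts:\s*(?P<ip>\S+)\s+(?P<host>\S+)\s*$")
LOOPBACK = {"127.0.0.1", "::1"}

# Excerpt of the log posted at 11:41 (before the fix).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {297CBB7D-59D7-4853-B892-32818E6A1B46} - (no file)
O2 - BHO: (no name) - {645DF18D-0418-429A-8346-9150649F3AC1} - C:\WINDOWS\system32\geede.dll (file missing)
O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe"
O20 - Winlogon Notify: pdxywqoy - pdxywqoy.dll (file missing)
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
"""

# Excerpt of the log posted at 18:01 (after the fix).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe"
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
"""


def parse_entries(log_text):
    """Return (section, body) pairs; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def triage(log_text):
    """Flag entries a helper would want to look at, with the reason for each."""
    findings = []
    for section, body in parse_entries(log_text):
        reasons = []
        if ORPHAN_RE.search(body):
            reasons.append("registered target no longer exists")
        if section == "O1":
            hosts = HOSTS_RE.match(body)
            if hosts and hosts.group("ip") not in LOOPBACK:
                reasons.append("hosts file pins %s to %s"
                               % (hosts.group("host"), hosts.group("ip")))
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service binary carries no vendor name")
        if reasons:
            findings.append({"section": section,
                             "line": "%s - %s" % (section, body),
                             "reasons": reasons})
    return findings


def still_present(before_log, after_log):
    """Flagged lines from the first log that survive verbatim in the second."""
    after_lines = {line.strip() for line in after_log.splitlines()}
    return [f["line"] for f in triage(before_log) if f["line"] in after_lines]


if __name__ == "__main__":
    for finding in triage(BEFORE):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("    ->", reason)
    print("Not removed by the fix:")
    for line in still_present(BEFORE, AFTER):
        print("   ", line)
```

Applied to the full log, these rules flag every line in the fix list above except the O4 combofix entry, whose target the log does not mark as missing.
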
	
	
		|  | 
	
		| Rico Mortale adepto
 
  
 
 Joined: 17/08/07 20:59
 Posts: 32
 
 
 | 
			
				|  Posted: 04 Mar 2008 17:45    Subject: |   |  
				| 
 |  
				| [URL="http://www.freefilehosting.net/files/3d456"]kaspersky33.html[/URL] |  | 
	
	
		|  | 
	
		| Rico Mortale adepto
 
  
 
 Joined: 17/08/07 20:59
 Posts: 32
 
 
 | 
			
				|  Posted: 04 Mar 2008 18:01    Subject: |   |  
				| 
 |  
				| Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 16:49, on 2008-03-04
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\VIAudioi\SBADeck\ADeck.exe
 C:\Programmi\Prevx2\PXAgent.exe
 C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
 C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
 C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\firefox\firefox.exe
 C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe
 C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
 
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.186.1.1:80
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O2 - BHO: URLDetector Class - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dati applicazioni\Prevx\pxbho.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programmi\BitDefender\BitDefender 2008\IEToolbar.dll
 O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
 O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programmi\BitDefender\BitDefender 2008\IEShow.exe"
 O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\BitDefender\BitDefender 2008\bdagent.exe"
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196287478093
 O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programmi\File comuni\BitDefender\BitDefender Update Service\livesrv.exe
 O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
 O23 - Service: PREVXAgent - Prevx - C:\Programmi\Prevx2\PXAgent.exe
 O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Programmi\BitDefender\BitDefender 2008\vsserv.exe
 O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Programmi\File comuni\BitDefender\BitDefender Communicator\xcommsvr.exe
 
 --
 End of file - 5548 bytes
 |  | 
	
	
		|  | 
	
		| Rico Mortale adepto
 
  
 
 Joined: 17/08/07 20:59
 Posts: 32
 
 
 | 
			
				|  Posted: 04 Mar 2008 18:37    Subject: |   |  
				| 
 |  
				| BitDefender Log File !!!!!
 Product : BitDefender Total Security 2008
 Version : BitDefender UIScanner v.11
 Log date : 17:35:20 04/03/2008
 Log path : C:\Documents and Settings\All Users\Dati applicazioni\BitDefender\Desktop\Profiles\Logs\full_scan\1204648520_1_02.xml
 
 Scan Paths:
 Path0000: C:\
 
 Scan Options:
 Scan for viruses : Yes
 Scan for adware : Yes
 Scan for spyware : Yes
 Scan for applications : Yes
 Scan for dialers : Yes
 Scan for rootkits : Yes
 
 Target selection options:
 Scan registry keys : Yes
 Scan cookies : Yes
 Scan boot sectors : Yes
 Scan memory processes : Yes
 Scan archives : No
 Scan runtime packers : Yes
 Scan emails : Yes
 Scan all files : Yes
 Heuristic Scan : Yes
 Scanned extensions :
 Excluded extensions :
 
 Target Processing
 Default action for infected objects : Disinfect
 Default action for suspicious objects : None
 Default action for hidden objects : None
 
 Scan engines summary
 Number of virus signatures : 985172
 Archive plugins : 41
 Email plugins : 6
 Scan plugins : 12
 Archive plugins : 41
 System plugins : 4
 Unpack plugins : 7
 
 Overall scan summary
 Scanned items : 39727
 Infected items : 0
 Suspicious items : 1
 Resolved items : 1
 Individual viruses found : 0
 Scanned directories : 3265
 Scanned boot sectors : 2
 Scanned archives : 134
 Input-output errors : 27
 Scan time : 00:00:33:06
 Files per second : 19
 
 Scanned processes summary
 Scanned : 25
 Infected : 0
 
 Scanned registry keys summary
 Scanned : 291
 Infected : 0
 
 Scanned cookies summary
 Scanned : 0
 Infected : 0
 
 Remaining issues:
 Object Name Threat Name Final Status
 
 Resolved issues:
 Object Name Threat Name Final Status
 C:\Documents and Settings\User\Impostazioni locali\Temp\x6XO64Y0.exe BehavesLike:Trojan.HangUp Deleted
 
 Objects that were not scanned:
 Object Name Reason Final Status
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.1.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.10.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.11.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.12.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.13.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.14.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.15.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.16.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.17.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.18.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.19.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.2.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.20.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.21.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.22.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.23.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.24.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.25.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.26.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.27.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.28.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.29.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.3.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.4.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.5.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.6.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.7.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.8.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.9.gif Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/index.htm Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\lezione-del-14-3-07parte2.zip=]lezione-del-14-3-07parte2/Thumbs.db Password-Protected No action was possible
 C:\Documents and Settings\User\Desktop\Riccardo\Università\Complementi Matematica Generale\Piazzoni\La struttura a termine dei tassi di interesse.zip=]La struttura a termine dei tassi di interesse.ppt Password-Protected No action was possible
 C:\Programmi\EdimaxWi-Fi\Autorun.apm=]ams_xml_pl.xml Password-Protected No action was possible
 C:\Programmi\EdimaxWi-Fi\Autorun.apm=]ams_xml_temp.xml Password-Protected No action was possible
 |  | 
	
	
		|  | 
	
		| Sante62 Mature god
 
  
  
 Joined: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 04 Mar 2008 18:50    Subject: |   |  
				| 
 |  
				| Fix this entry with HijackThis:
  	  | Quote: |  	  | O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing) | 
 Delete Combofix and any other small tools we have used;
 disable System Restore to delete the infected keys in the restore folder;
 
 Use Avenger with this script:
 
 
  	  | Quote: |  	  | files to delete:
 C:\Documents and Settings\User\Impostazioni locali\Temp\jqvnbate.dll
 C:\Programmi\mIRC6.21-Italiano-TuttoIRC\mIRC.exe
 C:\Programmi\Programmi exe\mIRC6.21-Italiano-TuttoIRC.zip
 
 | 
 Install a firewall if you don't have one, choosing one via this thread
 Use CCleaner; it cleans the Internet cache;
 Start it, click Options->Advanced, and untick "only delete files older than 48 hours"
 Use the Cleaner option and then click Analyze; when it finishes, click Run Cleaner. Do the same with the Scan for Issues option; it will remove a number of useless registry keys;
 Finally, after posting the Avenger log from this last operation, you can also delete the backup it created;
 You should be fine now; if there are still problems, give a shout;
 |  | 
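
The O23 entry quoted in the post above combines three traits that are worth checking for when reading the services section of a HijackThis log. The following is an added example, not part of the original posts: the function names and the three heuristics are assumptions made for illustration, and every sample line except the first is constructed.

```python
import re
from typing import List, NamedTuple, Optional

# Layout as seen in the quoted entry:
# O23 - Service: <display name> (<service name>) - <owner> - <path>[ (file missing)]
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
BINARY_EXT = re.compile(r"\.(exe|dll|sys)\b", re.IGNORECASE)

class Service(NamedTuple):
    display: str
    name: str
    owner: str
    path: str
    reasons: List[str]

def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for any other log line."""
    m = O23.match(line.strip())
    if m is None:
        return None
    reasons = []
    if m["missing"]:
        reasons.append("file missing")         # entry points at nothing on disk
    if m["owner"].lower() == "unknown owner":
        reasons.append("unknown owner")        # weak alone: common for benign tools
    if not BINARY_EXT.search(m["path"]):
        reasons.append("no binary extension")  # heuristic chosen for this example
    return Service(m["display"], m["name"], m["owner"], m["path"], reasons)

def review(log_text: str) -> List[Service]:
    """Return flagged services, most reasons first."""
    hits = [s for s in map(parse_o23, log_text.splitlines()) if s and s.reasons]
    return sorted(hits, key=lambda s: len(s.reasons), reverse=True)

# First line is the entry quoted in the thread; the others are constructed.
SAMPLE_LOG = r"""
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Example AV Kernel (ExampleAvSvc) - Example Vendor - C:\Programmi\Example AV\avkrn.exe
O23 - Service: Example Updater (ExUpd) - Unknown owner - C:\Programmi\Example - Tools\upd.exe
O4 - HKLM\..\Run: [example] C:\Programmi\Example AV\tray.exe
"""

if __name__ == "__main__":
    for svc in review(SAMPLE_LOG):
        print(f"{svc.name}: {', '.join(svc.reasons)} -> {svc.path}")
```

A flagged entry is a prompt to look closer, not a verdict: the path and service name still have to be checked by hand before anything is fixed.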
	
	
		|  | 
	
		| Riverside Banned indefinitely
 
  
 
 Joined: 29/02/08 22:32
 Posts: 4396
 Location: Riverside House
 
 | 
			
				|  Posted: 04 Mar 2008 19:32    Subject: |   |  
				| 
 |  
				|  	  | Sante62 wrote: |  	  | Delete Combofix and any other small tools we have used | 
 Just one suggestion: the word "delete" is too generic: it is not enough to take the folder created by the tool and put it in the recycle bin in order to remove, for example, Combofix or Gmer.
 Both have precise uninstall procedures.
 For example, in this thread you had both Combofix and Gmer used, so:
 
 1) To uninstall Combofix, follow this procedure:
 ● Start
 ● Run
 ● in the dialog box, type (or copy and paste) this command:  combofix /u and press Enter
 
 2) To uninstall Gmer, follow this procedure:
 ● open the folder created during installation
 ● inside the folder there is an Uninstall file
 ● click the Uninstall file to start removing the tool
 
 After the removal is done, proceed with CCleaner
 
 A small side note: an incorrect uninstall of Combofix leaves an obvious trace in system32: the file in question is called swreg.exe and is flagged, in particular by PrevX CSI and PrevX 2.0, as a bad file.
 You'll understand that, should you find yourself analysing a log that shows this situation, given that neither VirusTotal nor Jotti recognises that file as infected, you would go crazy trying to work out what it is.
 I'll let you imagine the consequences: hunting for a virus that isn't there, perhaps resorting to a sea of other software and tools, without solving the problem.
 |  | 
	
	
		|  | 
	
		|  |